From patchwork Sun Jul 2 19:24:52 2017
X-Patchwork-Submitter: Helge Deller
X-Patchwork-Id: 9821755
Date: Sun, 2 Jul 2017 21:24:52 +0200
From: Helge Deller
To: Hugh Dickins, linux-kernel@vger.kernel.org
Cc: Jörn Engel, linux-parisc@vger.kernel.org
Subject: [PATCH v2] mm: Fix overflow check in expand_upwards()
Message-ID: <20170702192452.GA11868@p100.box>

Jörn Engel noticed that the expand_upwards() function might not return -ENOMEM in case the requested address is (unsigned long)-PAGE_SIZE and if the architecture didn't define TASK_SIZE as a multiple of PAGE_SIZE.
Affected architectures are arm, frv, m68k, blackfin, h8300 and xtensa which all define TASK_SIZE as 0xffffffff, but since none of those have an upwards-growing stack we currently have no actual issue. Nevertheless let's fix this just in case any of the architectures with an upward-growing stack (currently parisc, metag and partly ia64) define TASK_SIZE similarly.

Reported-by: Jörn Engel
Fixes: bd726c90b6b8 ("Allow stack to grow up to address space limit")
Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller
---
diff --git a/mm/mmap.c b/mm/mmap.c index a5e3dcd..cc2fc8a 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2232,7 +2232,7 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) /* Guard against exceeding limits of the address space. */ address &= PAGE_MASK; - if (address >= TASK_SIZE) + if (address >= (TASK_SIZE & PAGE_MASK)) return -ENOMEM; address += PAGE_SIZE;
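
Review bot: The comment above the changed check in expand_upwards() still reads only "Guard against exceeding limits of the address space" and gives no reason for masking TASK_SIZE, so a later cleanup could take `(TASK_SIZE & PAGE_MASK)` for a redundant operation and revert it. Consider extending that comment to say that `address` has already been rounded down with `address &= PAGE_MASK`, that TASK_SIZE may not be page-aligned (0xffffffff on the architectures the commit message lists), and that comparing against the unmasked value lets the last page of the address space pass the check, after which `address += PAGE_SIZE` wraps to 0. Where TASK_SIZE is already a multiple of PAGE_SIZE the mask is a no-op, which would also be worth a word in the comment.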